This is why the security architectures not trusting anything outside CPU were playing it smart. They typically do checks on crypto-protected RAM and HD storage. Microsemi’s CodeSeal is a production example. Edminson has a nice survey in his paper that also introduces his design: